Skip to main content
  1. Home
  2. Computing
  3. News

SSL Web Security Protocol Compromised by Researchers

By
Ethernet connector
Image used with permission by copyright holder

Two researchers with PhoneFactor, a company that offers two-factor authentication services, say that thay have uncovered a serious vulnerability in SSL (Secure Sockets Layer), a fundamental online security technology that’s widely used to safeguard ecommerce transactions and other sensitive data. The flaw, in theory, can enable attackers to insert themselves into a secured online transaction as a “man in the middle,” able to view all data moving back and forth between two parties—and alter the data stream and issue commands—on what the users believe is a secured connections.

The researchers, Marsh Ray and Steve Dispensa, found the error in August 2009 and reported it to a group of impacted vendors and standards committees without publicly disclosing the problem. PhoneFactor had planned to hold off on disclosing the vulnerability until early 2010 in order to give vendors time to patch their SSL software and deploy fixed versions to their customers, but another research discovered the bug independently and posted it to an IETF mailing list on November 4.

Recommended Videos

“Because this is a protocol vulnerability, and not merely an implementation flaw, the impacts are far-reaching,” said PhoneFactor CTO Steve Dispensa, in a statement. “All SSL libraries will need to be patched, and most client and server applications will, at a minimum, need to include new copies of SSL libraries in their products. Most users will eventually need to update any software that uses SSL.”

Related

SSL is widely used to secure transmissions for a variety of applications, from ecommerce and online banking, Web-based management of almost any sort of customer account, as well as non-Web applications like database servers, email, and enterprise systems.

The new vulnerability is not the first to hit SSL in recent months: at the Black Hat security conference in Las Vegas security researchers Mike Zusman and Alex Sotirov demonstrated a browser design flaw that enabled man-in-the-middle attacks on SSL connections. Other recent attacks on SSL have focused on clandestinely shifting traffic from SSL_protected https:// connections to unsecured http:// links.

Editors’ Recommendations

Geoff Duncan
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Early Black Friday External Hard Drive and Portable SSD Deals
Digital Trends Best Black Friday External Hard Drive Deals

Update 11/13/24:With Black Friday rapidly approaching, we're doing our best to keep up with all the best external hard drive deals that have been coming out. To that end, we've updated these deals with a few more options, as well as updated pricing. Also, its very much worth checking back as we find more and better deals to add to this article!

Early Black Friday deals are popping up all over the place, with things like Black Friday Dell laptop deals, Black Friday gaming laptop deals, Black Friday tablet deals, and Black Friday desktop PC deals offering some hefty discounts. If you’ve had your eye on any of these, you may also want to consider an external hard drive for some additional storage space. There are several Black Friday external hard drive deals worth taking a look at, and we’ve rounded up the best of them below. Read onward for all of the details, as well as some information on things to look out for if you plan to purchase an external hard drive while these Black Friday deals are taking place.
Crucial X6 SE 1TB external SSD — $80 $100 20% off

Read more
MacBook Pro 16 vs. MacBook Pro 14: here’s which M4 you should buy
The MacBook Pro 16-inch on a table.

MacBook Pros are some of the best laptops money can buy. With the M4 chip now onboard, these laptops have never been so powerful, and the update brings some interesting upgrades, such as the improved 12-megapixel webcam and brighter screen. They're the best MacBooks that have ever been made, and it's a perfect time to pick one up based on upgrade timing.

But just because the entire MacBook Pro lineup is better now, that doesn't mean it's any easier to choose between the two size options that are available. Despite the fact that they include many of the same features, the 14-inch MacBook Pro and 16-inch MacBook Pro feel like entirely different systems due to their contrast in size.

Read more
The brain-computer interface revolution is just getting started
tech for change brain computer interface who its bxcxfghw

Whether it's jacking into the Matrix or becoming a Na'avi in Avatar, connecting brains to computers is a science-fiction trope that I never thought I'd see become a reality. But increasingly, BCIs (brain-computer interfaces) have become a serious area of study in research labs, rapidly advancing from research labs to real human trials -- perhaps most famously by the Elon Musk's company Neuralink.

While this promises individuals with disabilities a greater degree of freedom and control, along with potential applications in gaming and health care, significant technical, ethical, and regulatory challenges remain. But the more I dug into the topic, the more I found leaders and researchers rising to the occasion to lead us responsibly into the future of the this groundbreaking technology.
What is a brain-computer interface?
Alvin Lucier: Music for Solo Performer (1965)

Read more